Here’s an interesting link re iv vectors. It says iv can be sent in plain view. Hmmm.... http://www.cryptofails.com/post/70059609995/crypto-noobs-1-initialization-vectors
But, I thought having the iv vector in plain view was also a security risk. Perhaps I’m belaboring this and I apologize if I this discussion is getting tedious. Bill William Prothero http://earthlearningsolutions.org > On Jun 28, 2018, at 3:53 PM, Mark Wieder via use-livecode > <use-livecode@lists.runrev.com> wrote: > > Return-Path: <use-livecode-boun...@lists.runrev.com> > Delivered-To: proth...@earthlearningsolutions.org > Received: from ssd.earthlearningsolutions.org > by ssd.earthlearningsolutions.org with LMTP id iK5OBz9nNVvKBQgAqWmBzQ > for <proth...@earthlearningsolutions.org>; Thu, 28 Jun 2018 22:54:55 +0000 > Return-path: <use-livecode-boun...@lists.runrev.com> > Envelope-to: proth...@earthlearningsolutions.org > Delivery-date: Thu, 28 Jun 2018 22:54:55 +0000 > Received: from on-rev.com ([37.59.205.90]:45213 helo=var.runrev.com) > by ssd.earthlearningsolutions.org with esmtps > (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) > (Exim 4.91) > (envelope-from <use-livecode-boun...@lists.runrev.com>) > id 1fYfoU-002Cli-VR > for proth...@earthlearningsolutions.org; Thu, 28 Jun 2018 22:54:55 +0000 > Received: from localhost ([127.0.0.1]:40505 helo=meg.on-rev.com) > by meg.on-rev.com with esmtp (Exim 4.85) > (envelope-from <use-livecode-boun...@lists.runrev.com>) > id 1fYfnh-0002Uo-3q; Fri, 29 Jun 2018 00:54:05 +0200 > Received: from c.mail.sonic.net ([64.142.111.80]:34500) > by meg.on-rev.com with esmtps (TLSv1.2:DHE-RSA-AES128-GCM-SHA256:128) > (Exim 4.85) (envelope-from <ahsoftw...@sonic.net>) > id 1fYfne-0002Tc-Fv > for use-livecode@lists.runrev.com; Fri, 29 Jun 2018 00:54:02 +0200 > Received: from [192.168.0.1] (50-1-85-235.dsl.dynamic.fusionbroadband.com > [50.1.85.235]) (authenticated bits=0) > by c.mail.sonic.net (8.15.1/8.15.1) with ESMTPSA id w5SMruW6005477 > (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT) > for <use-livecode@lists.runrev.com>; Thu, 28 Jun 2018 15:53:57 -0700 > Subject: Re: Examples of encryption for database access > To: Brian Milby via use-livecode <use-livecode@lists.runrev.com> > References: > <cwlp265mb038873410294eb2bbf14aefa8f...@cwlp265mb0388.gbrp265.prod.outlook.com> > <9f0c3b88-0189-4e92-8d43-c1b344d0f...@major-k.de> > > <cwlp265mb03888246e70c5ff9ad7d3ca38f...@cwlp265mb0388.gbrp265.prod.outlook.com> > <677a939f-b639-4097-a466-70ba02221...@gmail.com> > <9fd89e75-5162-1468-e67e-3e0a28302...@sonic.net> > <9c9c7f4b-b2c7-42da-90ab-0926db177...@gmail.com> > <dc79e88a-761f-4cfc-b882-25e0aae45...@gmail.com> > <b41a141b-5f10-ee17-ce6e-873684d60...@sonic.net> > <a67d8e80-f51e-4fda-b2e4-b348df0e7...@gmail.com> > <f9a11613-1c50-48a8-9106-0c779e0aa607@Spark> > <4efe880c-d188-400b-31d9-564a0540a...@sonic.net> > <ff530caa-ed67-4684-8414-6c37f6fc0...@gmail.com> > <1bcf1dcd-f1ab-7bfd-8404-7df1c1b9c...@sonic.net> > <05ec683c-5dd8-44ef-8352-6e052f1d3...@earthlearningsolutions.org> > <b1c23eff-7f5d-4028-abfd-bf912ded88fa@Spark> > Message-ID: <281c22d4-20f8-88a3-c2bd-4a7aa85f3...@sonic.net> > Date: Thu, 28 Jun 2018 15:53:47 -0700 > User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 > Thunderbird/52.8.0 > MIME-Version: 1.0 > In-Reply-To: <b1c23eff-7f5d-4028-abfd-bf912ded88fa@Spark> > Content-Language: en-US > X-Sonic-CAuth: > UmFuZG9tSVYV61H8iJnDK8B78GdZlYqOiytilmPik8b3rpWaN3EnRBEaGwmBl44wO/6mwKUeRD6UgYKrQpGb7glziXUhBLNd > X-Sonic-ID: C;bmxTIyZ76BGfs641UvMdPQ== M;TH6LIyZ76BGfs641UvMdPQ== > X-Sonic-Spam-Details: 0.0/5.0 by cerberusd > X-BeenThere: use-livecode@lists.runrev.com > X-Mailman-Version: 2.1.20 > Precedence: list > List-Id: How to use LiveCode <use-livecode.lists.runrev.com> > List-Unsubscribe: <http://lists.runrev.com/mailman/options/use-livecode>, > <mailto:use-livecode-requ...@lists.runrev.com?subject=unsubscribe> > List-Archive: <http://lists.runrev.com/pipermail/use-livecode/> > List-Post: <mailto:use-livecode@lists.runrev.com> > List-Help: <mailto:use-livecode-requ...@lists.runrev.com?subject=help> > List-Subscribe: <http://lists.runrev.com/mailman/listinfo/use-livecode>, > <mailto:use-livecode-requ...@lists.runrev.com?subject=subscribe> > From: Mark Wieder via use-livecode <use-livecode@lists.runrev.com> > Reply-To: How to use LiveCode <use-livecode@lists.runrev.com> > Cc: Mark Wieder <ahsoftw...@sonic.net> > Content-Transfer-Encoding: 7bit > Content-Type: text/plain; charset="us-ascii"; Format="flowed" > Errors-To: use-livecode-boun...@lists.runrev.com > Sender: "use-livecode" <use-livecode-boun...@lists.runrev.com> > X-AntiAbuse: This header was added to track abuse, please include it with any > abuse report > X-AntiAbuse: Primary Hostname - meg.on-rev.com > X-AntiAbuse: Original Domain - earthlearningsolutions.org > X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] > X-AntiAbuse: Sender Address Domain - lists.runrev.com > X-Get-Message-Sender-Via: meg.on-rev.com: acl_c_authenticated_local_user: > mailman/mailman > >> On 06/28/2018 01:49 PM, Brian Milby via use-livecode wrote: >> Random IV means that an attacker can not generate a dictionary in advance. >> Knowing it at the same time is not an issue since they cypher is not >> cracked. The other reason is that the IV seeds the AES encryption so that >> the first block does not give anything away. If the first encrypted block >> for the same data is always the same, the attacker can use that to test >> guesses if they can control what is being encrypted. Same issue if they can >> predict the IV. See the Wikipedia entry I linked to for a better discussion. > > Encryption with an initialization vector isn't a reversible operation. It's > not like XORing a value with another. Being able to *predict* an iv value, > however, as opposed to just knowing the current value, is a security problem. > >> IV is fixed at the block size of the cipher. So for AES it is 16 bytes. > > Yes, I stand corrected. Silly me assumed that aes-256 would use a larger > block size. AES uses only 128-bit blocks with different key sizes. > > -- > Mark Wieder > ahsoftw...@gmail.com > > _______________________________________________ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your subscription > preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode >> On 06/28/2018 01:49 PM, Brian Milby via use-livecode wrote: >> Random IV means that an attacker can not generate a dictionary in advance. >> Knowing it at the same time is not an issue since they cypher is not >> cracked. The other reason is that the IV seeds the AES encryption so that >> the first block does not give anything away. If the first encrypted block >> for the same data is always the same, the attacker can use that to test >> guesses if they can control what is being encrypted. Same issue if they can >> predict the IV. See the Wikipedia entry I linked to for a better discussion. > > Encryption with an initialization vector isn't a reversible operation. It's > not like XORing a value with another. Being able to *predict* an iv value, > however, as opposed to just knowing the current value, is a security problem. > >> IV is fixed at the block size of the cipher. So for AES it is 16 bytes. > > Yes, I stand corrected. Silly me assumed that aes-256 would use a larger > block size. AES uses only 128-bit blocks with different key sizes. > > -- > Mark Wieder > ahsoftw...@gmail.com > > _______________________________________________ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your subscription > preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
